Hi,
I'm new to this so please bare with me. I am
running RedHat Linux 6.2 with Apache 1.3.22 and OpenSSL 0.9.6d. I wish to
install ModSSL so that I can secure my web site.
I have downloaded the mod_ssl-2.8.5-1.3.22 tarball
from the web site. Upon reading the documentation, I find that I
On Tue, Jun 04, 2002 at 10:41:06AM -0400, Don wrote:
I have downloaded the mod_ssl-2.8.5-1.3.22 tarball from the web site. Upon reading
the documentation, I find that I need to recompile apache with additional
configuration options in order to install ModSSL.
Here is my dilemma. I never
I seem to have accidentally circumvented the SSLRequireSSL directive.
Here's what my .htaccess file looks like:
SSLRequireSSL
DirectoryIndex index.wp2
AddHandler cgi-script .cgi
Options +ExecCGI
deny from all
AuthType Basic
AuthUserFile /yadda/yadda/path/to/site/root/admin/.htpasswd
AuthName
On Tue, 4 Jun 2002 [EMAIL PROTECTED] wrote:
SSLRequireSSL
DirectoryIndex index.wp2
AddHandler cgi-script .cgi
Options +ExecCGI
deny from all
AuthType Basic
AuthUserFile /yadda/yadda/path/to/site/root/admin/.htpasswd
AuthName Administrative Pages
require valid-user
satisfy any
BUT, I
On Tue, 4 Jun 2002 [EMAIL PROTECTED] wrote:
BTW- I originally put in the 'deny from all' and 'satisfy any' lines
because I had another line 'allow from .my-domain.com' inbetween them
at one point. Which makes me wonder, what would I do if I wanted to
put it back in?
Ah, forgot to respond
Yeah, I zapped the 'satisfy any' and 'deny from all' which made the
server act as expected. I think your explaination of the behavior is
correct.
I'm still not understanding how this action is understandable from the
documentation for SSLRequireSSL, nor the fact that the logs are saying
We are looking at using Client Certs via an internal CA as a cheap way of
strong authentication (SecurID costs are killing us!)
Obviously we'll have to introduce processes by which leaving staff have
their certs revoked, and have quick turnaround on revoking certs when a user
reports them lost
Just remove the 'satisfy any' line and try it again.
This worked on my server.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, June 05, 2002 9:52 AM
To: Cliff Woolley
Cc: [EMAIL PROTECTED]
Subject: Re: SSLRequireSSL
